Health & Care

Countrywide/large-scale connected-care systems, including Scotland, U.S. military, Chile, Partners Healthcare, and five regional health information exchanges in the United States use InterSystems technology.

November 3, 2015 – Alert: Large ODBC Query Results Incomplete

InterSystems has corrected a defect with the Caché ODBC driver that can result in incomplete query results. The problem can occur when the total size of all rows returned would exceed 4KB. There is no indication that the failure has occurred. Results greater than 4KB are truncated.

This defect exists only in the Caché ODBC driver that is distributed with versions 2015.2.0 and 2015.2.1 of Caché, Ensemble, and HealthShare. The risk is present for all platforms and operating systems.

The corrections for this defect are identified as JCN1662 and JCN1665. They will be included in all future releases of Caché, Ensemble, and HealthShare.

Caché ODBC drivers are designed to be upward and backward compatible. Until corrected Caché ODBC drivers for 2015.2 are available, drivers from older versions can be used to avoid this issue. Drivers for older versions are available in the download area of the Worldwide Response Center (WRC) application.

If you have any questions regarding this advisory, or need assistance with obtaining and installing drivers, please contact the Worldwide Response Center.

October 14, 2015 – Alert: Database Defragmentation

InterSystems has corrected a defect with the Caché database defragmentation utility. The defect has been observed to cause access violations in the defragmentation process, leading to a hung environment. Other impacts are possible though have not been reported. These include database degradation (which may occur without warning message) and process failures.

This risk exists in all released versions of Caché, Ensemble, and HealthShare beginning with 2014.1. The risk is present for all platforms and operating systems except OpenVMS.

InterSystems recommends that you postpone any database defragmentation activities until you apply the correction.

The correction for this defect is identified as JO2871. It will be included in all future releases of Caché, Ensemble, and HealthShare. The correction is also available via Ad hoc distribution from InterSystems Worldwide Response Center (WRC).

August 31, 2015 – InterSystems Security Notification

InterSystems has corrected a security vulnerability in Caché and therefore also in Ensemble, HealthShare and TrakCare. While this vulnerability was only recently discovered, it impacts versions of Caché beginning with 2007.1 and all versions of Ensemble and HealthShare. All customers who are running these versions are vulnerable.

Corrected software distributions are available from InterSystems. Remediation may require some downtime.

Any InterSystems product distribution that you receive after August 18, 2015 contains the corrections for this vulnerability.

InterSystems has corrected a defect that causes errors when executing a data transformation of an HL7, X12, ASTM, or EDIFACT message that includes a call to a segment-level sub-transformation.

This alert applies to Ensemble and HealthShare on all platforms. The defect is present only in Ensemble 2015.2 and in HealthShare versions based on Ensemble 2015.2.

Due to the defect, when a segment-level sub-transformation is called, it is probable that a <PARAMETER> error will occur. The error occurs in the CopyValues() method of the relevant segment type (HL7, X12, ASTM, or EDIFACT). If your application employs a routing engine and this error occurs, the corresponding message will not be routed.

The correction for this defect is identified as KDS214. It will be included in all future releases of Ensemble and HealthShare, including the upcoming Ensemble 2015.2.1 maintenance release. If there is an urgent need for the correction, it is also available via Ad Hoc distribution from InterSystems Worldwide Response Center (WRC). If you have any questions regarding this advisory, please contact the Worldwide Response Center.

May 14, 2015 – Advisory: Yosemite OS X 10.10.3

InterSystems has corrected a defect that causes the Caché ObjectScript JOB command to fail.

This advisory applies to all InterSystems Products running on the recently released Apple OS X version 10.10.3 platform. (Note: OS X 10.10.x first became a supported platform with Caché and Ensemble v2014.1)

InterSystems recommends that this correction be applied prior to upgrading to OS X 10.10.3.

The correction is identified as JLC1866. It will be included in all future releases of Caché, Ensemble and HealthShare. The correction is also available via Ad Hoc distribution from InterSystems Worldwide Response Center (WRC). If you have any questions regarding this advisory, please contact the Worldwide Response Center.

May 8, 2015 – Advisory: HL7, X12, ASTM and EDIFACT Message Processing

InterSystems has corrected a defect that causes errors when updating segmented virtual documents such as HL7, X12, ASTM and EDIFACT. The error is triggered by a specific sequence of operations, namely:

1) Clone an existing message OR create a message using a class method of the form ImportFrom…

2) Use the method GetSegmentAt to fetch an individual segment of the message.

These steps cause the segment to be incorrectly marked immutable; it cannot be changed. Attempts to modify the segment fail with the message “<ENS>ErrGeneralSegment is immutable”

DTL (Data Transformation Language) usage is not at risk from this defect unless the GetSegmentAt method is explicitly called in a custom code block.

This Advisory applies to Ensemble and HealthShare on all platforms. This defect only exists in versions 2015.1 and 2015.1.1.

The correction for this defect is identified as JGM282. It will be included in all future releases of Ensemble and HealthShare. The correction is also available via Ad Hoc distribution from InterSystems Worldwide Response Center (WRC). If you have any questions regarding this advisory, please contact the Worldwide Response Center

May 6, 2015 – Advisory: OpenVMS 8.4 Incompatibility

InterSystems has discovered that an update to OpenVMS 8.4 will cause functionality within InterSystems products to hang indefinitely. While we have not been able to confirm the specific update we know that the problem is present as of VMS84A_UPDATE-V0500.

This Advisory applies to all released versions of Caché and Ensemble on OpenVMS Alpha, multi-cpu platforms. We are still investigating whether there is a similar impact for Integrity systems.

InterSystems has discussed the incompatibility with HP and decided to implement a workaround based on their guidance. Customers who find it necessary to either upgrade Alpha systems to OpenVMS 8.4 or install updates to Alpha systems already running OpenVMS 8.4 should not do so before applying the workaround.

The workaround is identified as LG427; it will be included in all future releases of Caché, Ensemble and HealthShare beginning with version 2015.2. It is also available via Ad Hoc distribution from InterSystems Worldwide Response Center (WRC). If you have any questions regarding this advisory, please contact the Worldwide Response Center.

April 28, 2015 – Advisory: Mirroring Default QoS Value Considerations

InterSystems has determined that the default value of the mirroring Quality of Service Timeout (QoS) setting is too small for some environments. This can result in undesired mirror failovers and/or unnecessary alerts.

This advisory applies to all platforms. Although the issue exists with any version of Caché, Ensemble or HealthShare that supports mirroring, this advisory is of particular note to deployments using version 2015.1 with the arbiter.

The Quality of Service Timeout (QoS timeout) setting affects failover member and arbiter behavior by defining the range of time, in milliseconds, that a mirror member waits for a response from another mirror member before taking action. The QoS timeout itself sets the maximum waiting time, while the minimum is one-half of that. A larger QoS timeout allows the mirror to tolerate a longer period of unresponsiveness from the network or a host without treating it as an outage; decreasing the QoS allows the mirror to respond to outages more quickly.

InterSystems has observed that virtualized hosts, in particular, often become entirely unresponsive for periods that exceed the default QoS value when operations such as backup or guest migration occur. Typically, deployments on physical (non-virtualized) hosts with a dedicated local network can operate within the default QoS value continually.

The default QoS timeout is 2 seconds (2000 ms). In future versions, the default QoS timeout will be 8 seconds (8000 ms) to allow for several seconds of intermittent unresponsiveness that may occur on some hardware configurations.

InterSystems recommends reviewing your hardware configuration and the effects of any operations regularly performed on the virtualization hosts to determine a reasonable setting for QoS. In deciding whether to increase the QoS timeout, the potential of an undesired failover should be weighed against a slower response time during actual outages. The timeout can be changed via the System Management Portal ‘Edit Mirror’ page, or via the ^MIRROR utility. If you have any questions regarding this advisory, please contact InterSystems’ Worldwide Response Center.

March 11, 2015 – Alert: Write Image Journal failure

InterSystems has corrected a defect that may cause data integrity issues following a crash on systems with a certain unusual configuration. Specifically, the defect can cause application of the WIJ file to fail during startup.

This defect is present in all currently released versions of Caché, Ensemble, and HealthShare. It affects all platforms and operating system versions.

The only systems vulnerable to this defect are those that mount hundreds of databases referenced by long path names. When the combined length of the path names exceeds approximately 32,000 characters, the defect can occur. The exact condition can be checked for a given system by running the following command:

For Windows:

<install-directory>bincwdimj -d2 -j<wij-directory>

For Unix/Linux

<install-directory>/bin/cwdimj -d2 -j<wij-directory>

For OpenVMS

Define a foreign command

$ cwdimj :== $sys$disk:[-.bin]cwdimj.exe

and from the cachesys manager’s directory issue:

$ cwdimj –d2 –j_<wij-directory>

The output of this command will include the value of “Dirlen”. If Dirlen is less than or equal to 32768, the system is not currently exposed to this defect. Please note that the value of Dirlen changes as you add or remove databases to your running environment. If Dirlen is close to the limit of 32768, InterSystems recommends that you request the correction identified below.

If a system exposed to this defect shuts down abnormally, and the abnormal shutdown occurs at a time when there are database blocks pending in the WIJ, startup will fail necessitating manual deletion of the WIJ. This causes database integrity issues. If this occurs, an entry similar to the following will be present in the cconsole log file:

Starting WIJ recovery for ‘<pathname>CACHE.WIJ’.

N>0 blocks pending in this WIJ.

WIJ pass # is 0.

WIJ file does not match expectations: XXXXX

The correction for this defect is identified as JPL1675. It will be included in all future releases of Caché, Ensemble, and HealthShare. The correction is also available via Ad Hoc distribution from InterSystems Worldwide Response Center (WRC). If you have any questions regarding this advisory, please contact the Worldwide Response Center.

March 4, 2015 – Advisory: FREAK attack SSL/TLS Vulnerability

Yesterday an announcement was made of a new SSL/TLS vulnerability referred to as the “FREAK attack”. The issue is that the key length of the cipher used to encrypt data can be shortened in export libraries, weakening the encryption.

This advisory applies to all currently released versions of InterSystems products that support SSL/TLS, including Caché, Ensemble, HealthShare and TrakCare.

By default a SSL/TLS configuration created in InterSystems products is not susceptible to this attack. The default flags for the Cipher Suites include the element !EXP which prevents the shortening of the key length. It is possible for an administrator to override this default. As an example the default flags in Caché 2015.1 are:

TLSv1:SSLv3:!ADH:!LOW:!EXP:@STRENGTH

InterSystems recommends that the above default settings be reviewed for the existence of the !EXP element. If it has been removed it should be re-added. Customers should follow the recommendations of their OS vendors for obtaining corrections to this vulnerability.

February 13, 2015 – Advisory: “GHOST” Vulnerability

InterSystems products use the glib library on supported platforms in limited fashion, but the library is not shipped as part of any InterSystems product. According the recently announced “GHOST” security vulnerability the glib library is a security risk.